CVE-2023-27998 — MEDIUM (5.3)

Vulnerability Description

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Fortinet	Fortipresence	1.0.0

Related Weaknesses (CWE)

CWE-755 CWE-756

References

https://fortiguard.com/psirt/FG-IR-22-288Vendor Advisory
https://fortiguard.com/psirt/FG-IR-22-288Vendor Advisory

FAQ

What is CVE-2023-27998?

CVE-2023-27998 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to...

How severe is CVE-2023-27998?

CVE-2023-27998 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-27998?

Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortipresence.